<?php 
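	/**
	 * Administrative maintenance operations on the user, message and friend-list tables.
	 *
	 * Every method opens its own connection through the project's MySQL wrapper and
	 * builds SQL by string interpolation, so each value placed into a statement must be
	 * passed through mysql_real_escape_string() first.
	 *
	 * NOTE(review): the mysql_* extension used here was removed in PHP 7.0. When this
	 * class is migrated, replace the interpolated statements with mysqli/PDO prepared
	 * statements instead of porting the escaping calls one by one.
	 *
	 * NOTE(review): no method in this class verifies who is calling it; callers are
	 * presumably expected to gate access with checkUser() - confirm at the call sites.
	 *
	 * NOTE(review): table names are spelled `User`/`user` and `Messages`/`messages` in
	 * different statements. MySQL resolves table names case-sensitively on
	 * case-sensitive file systems unless lower_case_table_names says otherwise - confirm
	 * against the deployed schema.
	 */
	class MaintainSystem {

		/**
		 * Load the wrapper and host configuration, then open a database connection.
		 *
		 * @return array array($mysql, $link): the wrapper instance and the link it returned.
		 */
		private static function openConnection() {
			require_once('../../Model/MySQL.php');
			// host_config.php defines $mysql_host, $mysql_user, $mysql_password and
			// $mysql_db in this local scope.
			require('../../host_config.php');
			$mysql = new MySQL();
			$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);
			return array($mysql, $link);
		}

		/**
		 * Emit a JavaScript alert that sends the browser back one page, then stop.
		 *
		 * $message is written into a single-quoted JavaScript string without any
		 * escaping, so it must be a trusted literal and never request data.
		 *
		 * @param string $message Trusted text for the alert box.
		 */
		private static function alertAndBack($message) {
			echo "<script language='javascript'>";
			echo "alert('".$message."');";
			echo "history.back();";
			echo "</script>";
			die();
		}

		/**
		 * Tell whether the account/uid pair exists with active_flag equal to 2.
		 *
		 * NOTE(review): active_flag 2 presumably marks an administrator account - confirm
		 * against the schema.
		 *
		 * @param string $account Account name to look up.
		 * @param string $uid     User id to look up.
		 * @return bool True only when a matching row has active_flag == 2.
		 */
		public function checkUser($account, $uid) {
			MaintainSystem::CheckLength($uid, 'uid');
			MaintainSystem::CheckLength($account, "account");
			list($mysql, $link) = self::openConnection();
			$uid = mysql_real_escape_string($uid);
			$account = mysql_real_escape_string($account);
			$sql = "SELECT active_flag FROM `User` WHERE `account` = '$account' AND `uid` = '$uid'";
			$row = $mysql->query_row($sql, $link);
			// No matching row means no privilege; avoid indexing into an empty result.
			return !empty($row) && $row[0] == 2;
		}

		/**
		 * Abort the request with an alert when a required value is empty.
		 *
		 * Arrays (for example a $_FILES entry) count as present when they hold at least
		 * one element; anything else is measured as a string.
		 *
		 * @param mixed  $input Value that must not be empty.
		 * @param string $type  Trusted field label shown in the alert; never request data.
		 */
		public function CheckLength($input, $type) {
			$length = is_array($input) ? count($input) : strlen((string) $input);
			if ($length == 0) {
				self::alertAndBack($type."不得為空");
			}
		}

		/**
		 * Fetch every row of the User table.
		 *
		 * @return resource Result handle from mysql_query().
		 */
		public function showAllUser() {
			list($mysql, $link) = self::openConnection();
			$sql = "SELECT * FROM `User`";
			// NOTE(review): die(mysql_error()) sends the raw database error to the
			// client; log it server-side and show a generic message instead.
			$row = mysql_query($sql, $link) or die(mysql_error());
			return $row;
		}

		/**
		 * Fetch the User row for one uid.
		 *
		 * @param string $uid User id.
		 * @return mixed Whatever the wrapper's query_row() returns for the statement.
		 */
		public function getUserInfo($uid) {
			MaintainSystem::CheckLength($uid, 'uid');
			list($mysql, $link) = self::openConnection();
			$uid = mysql_real_escape_string($uid);
			$sql = "SELECT * FROM `User` Where `uid` = '$uid'";
			return $mysql->query_row($sql, $link);
		}

		/**
		 * Update the name, birth date and telephone number of one user.
		 *
		 * @param string $id    User id of the row to update.
		 * @param string $name  New name.
		 * @param string $birth New birth date.
		 * @param string $tel   New telephone number.
		 */
		public function modifyUser($id, $name, $birth, $tel) {
			MaintainSystem::CheckLength($name, "姓名");
			MaintainSystem::CheckLength($birth, "生日");
			MaintainSystem::CheckLength($tel, "電話");
			list($mysql, $link) = self::openConnection();
			// $id reaches the WHERE clause as well, so it is escaped like the other
			// values; leaving it raw would let a crafted id rewrite the UPDATE.
			$id = mysql_real_escape_string($id);
			$name = mysql_real_escape_string($name);
			$birth = mysql_real_escape_string($birth);
			$tel = mysql_real_escape_string($tel);
			$sql = "UPDATE user SET name = '$name', birth = '$birth', tel = '$tel' WHERE uid = '$id' ";
			$mysql->query($sql, $link);
		}

		/**
		 * Delete a user together with their messages and friend-list entries.
		 *
		 * Nothing is deleted unless the user's active_flag equals 1.
		 *
		 * NOTE(review): the three DELETE statements run without a transaction, so a
		 * failure part-way leaves orphaned rows behind.
		 *
		 * @param string $uid User id to delete.
		 */
		public function delUser($uid) {
			MaintainSystem::CheckLength($uid, "uid");
			list($mysql, $link) = self::openConnection();
			$uid = mysql_real_escape_string($uid);
			$sql = "SELECT active_flag FROM `User` Where `uid` = '$uid'";
			$row = $mysql->query_row($sql, $link);
			if (!empty($row) && $row[0] == 1) {
				$statements = array(
					"DELETE FROM `User` Where `uid` = '$uid'",
					"DELETE FROM `Messages` Where (`rec_id` = '$uid' OR `send_id` = '$uid')",
					"DELETE FROM `friendlist` Where (`owner_id` = '$uid' OR `friend_id` = '$uid')",
				);
				foreach ($statements as $sql) {
					$mysql->query($sql, $link);
				}
			}
		}

		/**
		 * Store an uploaded profile picture and record its path on the user row.
		 *
		 * @param string $id       User id of the row to update.
		 * @param array  $new_file The $_FILES entry of the uploaded picture.
		 */
		public function profileEditPic($id, $new_file) {
			MaintainSystem::CheckLength($id, "id");
			MaintainSystem::CheckLength($new_file, "new_file");
			list($mysql, $link) = self::openConnection();
			$new_file = MaintainSystem::Upload_Pic($new_file);
			$id = mysql_real_escape_string($id);
			$new_file = mysql_real_escape_string($new_file);
			$sql = "UPDATE user SET pic = '$new_file' WHERE uid = '$id' ";
			$mysql->query($sql, $link);
		}

		/**
		 * Validate an uploaded picture and move it into the pics/ directory.
		 *
		 * All checks run before the file is moved, so a rejected upload never lands in
		 * the web-served directory. The stored name is generated here (timestamp plus
		 * three random characters) and takes only the extension from the client, after
		 * that extension has matched the allow-list.
		 *
		 * On any validation failure the method prints a message and ends the request.
		 *
		 * @param array $new_file The $_FILES entry (name, tmp_name, error, size).
		 * @return string Path relative to the site root: the stored file, or
		 *                pics/default.jpg when no file was submitted.
		 */
		public function Upload_Pic($new_file) {
			$upload_path = "pics/";
			$possible = "_0123456789"."abcdefghijklmnopqrstuvwxyz"."ABCDEFGHIJKLMNOPQRSTUVWXYZ";
			$max_size = 1*1024*1024; // upload size limit: 1 MB
			$limitedext = array("bmp","gif","jpg","jpeg","png"); // allowed file extensions

			$file_name = (is_array($new_file) && isset($new_file['name'])) ? $new_file['name'] : null;
			if ($file_name === null || $file_name === '') {
				// Nothing was submitted: fall back to the default picture instead of
				// attempting to move a file that does not exist.
				return $upload_path."default.jpg";
			}

			$file_tmp = isset($new_file['tmp_name']) ? $new_file['tmp_name'] : '';
			$error_code = isset($new_file['error']) ? (int) $new_file['error'] : 0;
			$file_size = isset($new_file['size']) ? (int) $new_file['size'] : 0;

			if ($error_code > 0) {
				echo "照片上傳錯誤代碼:".$error_code;
				exit;
			}

			if (($max_size > 0) && ($file_size > $max_size)) {
				echo "照片上傳的檔案大小大於".$max_size."位元組";
				self::alertAndBack("無法上傳照片，請檢查檔案是否小於1 MB");
			}

			// Only the last dot-separated part counts as the extension; it is compared
			// case-insensitively and stored in lower case.
			$name_parts = explode(".", $file_name);
			$File_Extension = strtolower($name_parts[count($name_parts)-1]);
			if (!in_array($File_Extension, $limitedext, true)) {
				// The extension comes from the client, so it is HTML-escaped before
				// being echoed back.
				echo htmlspecialchars($File_Extension, ENT_QUOTES, 'UTF-8')." <br /> ".implode(", ", $limitedext)." <br />";
				echo "照片不支援此檔案類型<br />";
				self::alertAndBack("照片副檔名有誤（只允許BMP、GIF、JPG、JPEG、PNG檔）");
			}

			if (!is_uploaded_file($file_tmp)) {
				self::alertAndBack("照片上傳錯誤");
			}

			// Sanity check that the content parses as an image. This complements the
			// extension allow-list; it is not a full content validation.
			if (getimagesize($file_tmp) === false) {
				echo "照片不支援此檔案類型<br />";
				self::alertAndBack("照片副檔名有誤（只允許BMP、GIF、JPG、JPEG、PNG檔）");
			}

			// The suffix only reduces name collisions within the same second; rand() is
			// not unpredictable and the stored name must not be treated as a secret.
			$str = "";
			while (strlen($str) < 3) {
				$str .= substr($possible, (rand() % strlen($possible)), 1);
			}
			$uploadfilename = time().$str;

			$file = $upload_path.$uploadfilename.".".$File_Extension;
			if (!move_uploaded_file($file_tmp, "../../".$file)) {
				self::alertAndBack("照片上傳錯誤");
			}
			return $file;
		}

		/**
		 * Fetch every message joined with the sender's and receiver's name and picture,
		 * newest message id first.
		 *
		 * @return resource Result handle from mysql_query().
		 */
		public function showAllMessage() {
			list($mysql, $link) = self::openConnection();
			$sql = 'SELECT mid , A1.name SenderName, A1.pic SenderPic, B1.name ReceiverName, B1.pic ReceiverPic, timestamp , msg_cont FROM `messages` '
				. ' INNER JOIN `user` AS A1 ON send_id = A1.uid '
				. ' INNER JOIN `user` AS B1 ON rec_id = B1.uid '
				. ' ORDER BY mid desc';
			// NOTE(review): die(mysql_error()) sends the raw database error to the
			// client; log it server-side and show a generic message instead.
			$row = mysql_query($sql, $link) or die(mysql_error());
			return $row;
		}

		/**
		 * Fetch the messages row for one message id.
		 *
		 * @param string $mid Message id.
		 * @return mixed Whatever the wrapper's query_row() returns for the statement.
		 */
		public function getMsgInfo($mid) {
			MaintainSystem::CheckLength($mid, "mid");
			list($mysql, $link) = self::openConnection();
			$mid = mysql_real_escape_string($mid);
			$sql = "SELECT * FROM `messages` WHERE `mid` = '$mid'";
			return $mysql->query_row($sql, $link);
		}

		/**
		 * Replace the content of one message.
		 *
		 * NOTE(review): msg_cont is stored as submitted; whatever renders it must
		 * HTML-escape it on output.
		 *
		 * @param string $mid      Message id.
		 * @param string $msg_cont New message content.
		 */
		public function editMessage($mid, $msg_cont) {
			MaintainSystem::CheckLength($mid, "mid");
			MaintainSystem::CheckLength($msg_cont, "msg_cont");
			list($mysql, $link) = self::openConnection();
			$mid = mysql_real_escape_string($mid);
			$msg_cont = mysql_real_escape_string($msg_cont);
			$sql = "UPDATE Messages SET `msg_cont` = '$msg_cont' WHERE mid = '$mid' ";
			$mysql->query($sql, $link);
		}

		/**
		 * Delete one message and every row whose Msg_CmtId refers to it.
		 *
		 * @param string $mid Message id.
		 */
		public function delMessage($mid) {
			MaintainSystem::CheckLength($mid, "mid");
			list($mysql, $link) = self::openConnection();
			$mid = mysql_real_escape_string($mid);
			$sql = "DELETE FROM messages WHERE mid = '$mid' OR Msg_CmtId = '$mid'";
			$mysql->query($sql, $link);
		}
	}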
?>

